Additional Configuration for WordPress Azure AD Single Sign-On


Once the WordPress Azure AD SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.

1. Attribute Mapping

  • In the Service Provider Setup tab, after the metadata exchange, click on Test Connection.
  • After performing SSO, the default attributes will be sent from Azure AD and will be available for Attribute Mapping.
  • Certain default attributes are sent from the Azure AD side for every connection; they are listed in the table.


Adding extra Attributes on the Azure AD Side:

  • Go to Attributes & Claims and click on the Edit button.
  • To add a custom attribute, click on Add new claim under the Attributes tab.
  • Under the Manage Claim tab, fill in all the required fields: Name, Namespace, and Source attributes.
  • Then, click on Save.
  • Navigate to the Service Provider Setup tab and click on Test Connection.
  • A popup window will appear. If your connection is successful, the list of mapped attributes and the custom attribute will be displayed.

2. Configure Advanced & Custom Attribute Mapping

  • This feature allows you to create custom attributes that can be mapped to any of the attributes sent by Azure AD. The mapped values are stored in the user meta table in the WordPress database.
  • Write your custom attribute name in the Custom Attribute Name input box, then select the attribute from the IDP using the dropdown in the Attribute Name from IDP field.
  • To display this custom attribute in the users menu table in WordPress, enable the Display Attribute toggle.
  • You can add new attributes using the ADD Attribute button.
  • Then, click on the Save button to save the configuration.

3. Role Mapping

  • The Attribute Mapping section also provides mapping for fields named Group/Role.
  • This attribute will contain the role-related information sent by the Identity Provider (i.e., Azure AD).
  • The roles are allocated to specific users on the basis of their roles/groups at the time of login.
  • The value of the attribute that is mapped to Group/Role will be considered in the Role Mapping section.
  • Enter the Group/Role values of the respective users in the input boxes of the default roles that have to be assigned to those users.
  • Role / Group Mapping on Azure AD:

    • By default, the User group will be sent in the SAML response. You can edit it under the Attribute tab.
    • To add a new group, click on Add a group claim.
    • In Group Claims, you can select the group as well as the source attribute to send in the SAML response.
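
The role mapping described above, sketched as an added example (this is not the plugin's code): it reads the group values from an already signature-verified SAML AttributeStatement and resolves a WordPress role using exact matching and a least-privileged fallback. The claim name, the group IDs, the mapping table and the precedence order are assumptions; confirm the real claim name and values in your Test Connection output.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed claim name for Azure AD group claims; check your Test Connection output.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample: AttributeStatement taken from an assertion whose signature
# the service provider has already verified. Group values are made-up IDs.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
    <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000001</saml:AttributeValue>
    <saml:AttributeValue>11111111-aaaa-4bbb-8ccc-000000000002</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Hypothetical mapping table: WordPress role -> group values entered for it.
ROLE_MAP = {
    "administrator": {"11111111-aaaa-4bbb-8ccc-000000000009"},
    "editor": {"11111111-aaaa-4bbb-8ccc-000000000002"},
    "author": {"11111111-aaaa-4bbb-8ccc-000000000001"},
}
# Most to least privileged; the tie-break policy is an assumption of this example.
PRECEDENCE = ["administrator", "editor", "author", "contributor", "subscriber"]
DEFAULT_ROLE = "subscriber"  # unmapped users get the least-privileged role


def group_values(statement_xml, claim=GROUPS_CLAIM):
    """Return the set of non-empty values carried by the group claim."""
    root = ET.fromstring(statement_xml)
    values = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != claim:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            if value.text and value.text.strip():
                values.add(value.text.strip())
    return values


def resolve_role(groups, role_map=ROLE_MAP, default=DEFAULT_ROLE):
    """Exact-match groups against the table; never fall back to a privileged role."""
    matched = [role for role, wanted in role_map.items() if wanted & groups]
    if not matched:
        return default
    return min(matched, key=PRECEDENCE.index)  # most privileged matched role
```

Exact set matching matters here: a substring or prefix comparison would let a near-miss group value resolve to a privileged role.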

4. Single Logout

  • To configure Single Logout, scroll down to the logout URL in the Single Sign On tab.
  • Enter the Single Logout URL from the Service Provider Metadata tab in the plugin.

5. Signed SSO Requests

  • For Signed SSO Requests, enable the Sign SSO & SLO Requests toggle in the Service Provider Setup tab in the plugin.
  • Download the SP Certificate from the Service Provider Metadata tab.
  • Now, navigate to the Azure AD platform.
  • To allow signed requests and their verification, click on the edit button in Verification certificates.
  • Then, check both the Require verification certificate and Allow request signed options.
  • Click on upload certificate and select a .cer formatted file.
  • If you have a .crt formatted file, follow the process mentioned below.
    • Open the certificate file downloaded from the Service Provider side.
    • Go to the Details tab, and click the Copy to file button.
    • Select the Base-64 encoded X.509 option and click on next.
    • Then, enter a filename and click on the next button.
    • And then, click on the OK button to save the certificate.

Conclusion

Setting up additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout along with SSO allows you to maximize efficiency and user identity management from your IDP to your WordPress site.

